Why is SSL Important for Your Site Security?

SSL stands for Secure Sockets Layer. It is an encryption-based technology to securely exchange of information between a website and visitor. Aside from encrypting the data exchanged, it also ensures the authenticity of a website to your visitors. Millions of websites use SSL for website security. It is an integral element of website security. If you care about site user experience and security, you need SSL — it’s really that simple.

A large number of people enter sensitive information like credit cards details on websites. Details like these are important, far too important to let hackers sniff ‘em off website traffic. That’s why it is important for website owners as well as visitors to understand the importance of SSL. It is not a marketing gimmick by hosting companies to make you spend money. It does secure your communication as well as your users trust you.

In this post, you will learn the what, why and how of SSL for your WordPress website.

The Differences Between HTTP vs. HTTPs

Implementing SSL is, in the most basic terms, switching from traditional protocol HTTP to HTTPS. HTTP is a data communication protocol on which the entire world wide web is based. Note that I will be using the terms HTTPS and SSL interchangeably since they almost mean the same for the purpose of this article. There are several differences between the HTTP and HTTPS like:

Website security: With HTTPS, the information exchanged between browser and the visitor is encrypted, making it ciphertext and completely different from the actual transmitted data.

The padlock: Websites which employ SSL have their URLs prefixed with HTTPS, and a green padlock is shown beside them. Clicking the padlock shows various details about the website, and it’s security layer.

Price difference: HTTP is free, anyone can use it. HTTPS costs an annual fee of $60-200 for renewing the associated certificate. But services like Let’s Encrypt are helping the world by making SSL free.

Those are the major differences between the protocols, though, they are beyond the scope of this article. All you need to know is that HTTPs is secure but HTTP is not. Any data you enter over HTTP can be spoofed by hackers.

Why You Need HTTPs

While the given technology may sound fancy and cool, — Are there any practical reasons to migrate from HTTP to HTTPS? Yes! Let me explain a few reasons why you need HTTPS.

Better SEO: SEO is about driving more traffic from search engines. There are many ranking signals that Google examines to determine the ranking a web page. One of the officially declared ranking signals is HTTPS. Google says that it ranks HTTPS sites better.

Security: It is incredibly essential to ensure the privacy and security of your visitors. If you collect payments or any other sensitive information through your website, you must ensure its security. SSL strengthens security for both visitors and website owner. Website owners can take a sigh of relief because their traffic is 100% encrypted. For visitors, they can also feel safe and secure seeing the shiny green padlock.

Website credibility: Since huge websites like Google, Mozilla, and Youtube use HTTPS and show green padlocks, the green padlock shown beside any address is deemed as a sign of reputation. Visitors are more likely to trust a website if it has SSL. This is both good and bad because not all websites that use this protocol are legit.

For eCommerce stores: When you run an eCommerce store, accepting credit cards and PayPal becomes important. If you want to do that, per PCI Compliance, you are required to use SSL.

With HTTPS comes a sense of trust for visitors. Visitors should never enter their credit card details or any other sensitive information on a website without SSL. Now you know the importance of SSL. But how do you implement it on your website? Continue reading to learn how.

How to Get HTTPS

Step#1: Get an SSL Certificate / Use Let’s Encrypt

An SSL certificate is a virtually authorized document which permits you to use the SSL encryption technology. It is mandatory to have this certificate because, without it, you can’t force HTTPS on your website. An SSL certificate costs in the range of $60-200, depending upon the validity period of the certificate. That’s right; the certificate expires, and you need to renew it to keep using it.

Step#3: Change Site & Home URLs to HTTPS

To use HTTPS everywhere, make sure the WordPress site settings are updated too. Follow these instructions:

Go to Settings > General

Add https://www.mydomain.com/ in both Site URL & Home URL fields

Make sure to replace mydomain.com with your domain name

Click “Save Changes.”

This step can be risky sometimes, especially if you are going to do it for an old website. I recommend using Really Simple SSL WordPress plugin, which takes care of this step automatically and lets you know about other things you need to fix.

Step#4: Search & Replace URLs to HTTPS

If your website is fairly old, all internal links will need to be updated. It is time to search and replace these links. Before you proceed with this step, backup your WordPress database. Follow these instructions:

You can also use the SSL Labs test to get a complete picture of your configurations.

Visit a few pages of your site, check to if they all display padlock icon

Search “site:your_domain.com” on Google, make sure all the indexed links are properly redirected and are https (it takes time for Google to pick up the redirection, make sure your sitemap is submitted, and you can reindex your site manually.)

Conclusion

This steps described in this post may feel overwhelming and daunting, but it is a very important to have an SSL for your business site. With the benefit of SEO, trust, and website security, you get to stay ahead of the curve. HTTP is obsolete; HTTPS is the future.

Starting Jan 2017, Google Chrome will treat HTTP sites as insecure.

So, right now is the right time to start thinking about HTTPs.

What do you think about the importance of SSL? Do you have any tips for migration from HTTP to HTTPS?

Finally, you can catch all of my articles on my profile page, and you can follow me or reach out at Twitter @MrAhmadAwais; where I write about development workflows in the context of WordPress.

As usual, don’t hesitate to leave any questions or comments below, and I’ll aim to respond to each of them.

Coupons

3 thoughts on “Why is SSL Important for Your Site Security?”

Thanks for the inside Ahmad. The task to move to SSL sounds very daunting and you can read a lot bad user experiences online. But after just moving two of my sites to https I found it super easy. The really simple SSL plugin does everything for you. I didn’t even see any drop in traffic.

This is a great walk-through the subject of SSL! I was wondering if for an eCommerce site I should buy a SSL or use the free SSL like Let’s Encrypt that comes with a Siteground hosting account? Is there any difference?